On the wordpress 4.5.3 site you can find out the username by guessing his ID. The link http://www.mysite.com/?author=1 shows the user name in the address bar and in the "title" tag of the page being formed. I want to close this feature with the ".htaccess" file by redirecting to the page with the error "403" I tried to write in ".htaccess":

 RewriteEngine On RewriteCond %{QUERY_STRING} author=\d RewriteRule ^(.*)$ index.php [F,L]

But it does not work, tell me how to make the code correctly Or maybe there is another way to close it.

    2 answers 2

    First, at least an error in the regular schedule, author=\d+ necessary (otherwise you close only users with id [0-9]), then you need ^ - the beginning of the line, you need $ - the end of the line,

    the result is:

    secondly RewriteRule ^author/(.*)$ http://example.com/ [R,L] from off-site

    googles wordpress author id exposes htaccess

    • @ Visman, @ strangeqargo thanks. Combined tips and it turned out: RewriteCond %{QUERY_STRING} ^author/(.*)$ RewriteRule ^ /? [L,R=301] RewriteRule ^ /? [L,R=301] Works like with ^author/(.*)$ like that ^author=(.*)$ , What does slash give? - Rimarx
    • just a slash in the file / directory path, it is almost optional as a symbol . includes it too. another thing is that then you can capture another path, such as author_ - strangeqargo

    Then do this:

     RewriteEngine On # это не админка RewriteCond %{REQUEST_URI} !^/wp-admin [NC] # есть запрос переменной RewriteCond %{QUERY_STRING} \dauthor=\d # тогда редирект на главную, но без GET параметров RewriteRule ^ /? [L,R=301]

    Based on https://wordpress.stackexchange.com/questions/46469/can-i-prevent-enumeration-of-usernames